Cloud and data leaks: how to protect your business?
The cloud is on everyone's lips, is already widely used by companies around the world, and its use is on the rise. But like any other tool, it carries its share of risks. What are they, and how can you protect your company from them?
Securing the cloud
In a 2018 study, Ponemon Institute and IBM announced that "organizations implementing a major data migration to a cloud when a data leak occurs see their losses increase by an average of $12, bringing the cost of each lost data to $160". This figure, excluding cloud migration, reaches $148 for all countries combined. The figures are dizzying: since January 2019, we have known that each leak leads to an average loss of 19 million pieces of data.
Yet 75% of companies store at least 20% of their sensitive data in a cloud that they consider "insufficiently secure". How can we explain this paradox? These dematerialized servers are more and more essential, because they are a source of simplicity and cost reduction. For example, it is estimated that 83% of corporate data will be stored on clouds by 2020.
How to protect data in a cloud?
There are different cloud models that involve different levels of responsibility for protecting the data that will be hosted on the service.
In the case of SaaS (Software as a Service) solutions, security is almost entirely managed by the public cloud player. However, to further protect the data stored there, it is still possible to use two data leakage prevention tools: Data Leakage Prevention (DLP) and Cloud Access Security Brokers (CASB).
For solutions such as IaaS (Infrastructure as a Service) or PaaS (Platform as a Service), the responsibility for data and application security rests primarily with the customer and no longer with the service provider. Web application firewalls (WAF) can be complementary tools to the solutions already available in the cloud to prevent leaks. WAFs are used to counter attacks that seek to take advantage of application vulnerabilities.
Minimize risks when migrating to a cloud
To successfully negotiate your migration to a cloud, it is better to start with a data inventory. Going to the cloud does not mean switching all your information to the cloud. The most critical and sensitive information must be processed in a more traditional way and stored within the company on a secured server.
For each company, the prioritisation of the data to be protected differs. While financial information or strategic plans remain logical first choices, it is advisable to be wary of false friends: data that seems uncritical but is in fact coveted, such as invoices. Well copied, these can be used to perpetrate CEO fraud ("scams on the President"). According to the Central Office for the Repression of Great Financial Crime (OCRGDF), this type of fraud cost American companies $2.3 billion in 2016.
Responding to data leakage
Since 25 May 2018, the date of implementation of the General Data Protection Regulation (GDPR), European companies have had to report any leakage of personal data within 72 hours of the incident, whether accidental or resulting from a cyber attack.
The following must be provided:
• the nature of the incident,
• the category and number of people affected,
• the number of records involved,
• the likely consequences of the leak,
• the measures taken to avoid it.
As data leaks are not inevitable, they must also prompt an inventory of the security gaps that allowed the theft or accidental leak, and therefore the implementation of actions to prevent them in the future. This can be an opportunity to realize that the current processes are not the right ones, and to start over from scratch.